public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "zhangboyang.id at gmail dot com" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug c/24542] potential integer overflow should be warned on assignment to wider variable Date: Fri, 31 Mar 2023 08:15:37 +0000 [thread overview] Message-ID: <bug-24542-4-mS5rml8afJ@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-24542-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542 --- Comment #12 from Zhang Boyang <zhangboyang.id at gmail dot com> --- Hi, Sorry for filled a duplicate bug. But I'd like to suggest reconsider this feature request. Here are two reasons: 1) "u64 = 1 << u32", "u64 = u32 * u32" are common mistakes in beginners, 2) These expressions may introduce vulnerability especially on now-widely-used 64-bit machines: On a typical 64-bit machine, it's ok to write: unsigned x = ...; malloc(sizeof(...) + x) but it will introduce vulnerability with a trivial change of "*2", i.e.: malloc(sizeof(...) + x * 2) If expression is very long, it's very hard to find out where is the bug. Instead of warn on multiplys, I suggest a new "-Wexpr-conversion", it will detect and warn on implicit conversions if and only if: 1) convert to wider variable, and 2) value is real expression (i.e. result of operands, like a*b; but not variable or function call or explicit cast) For example, it should warn on: uint64_t u64 = ...; uint32_t u32 = ...; u64 = 1 << u32; // ^^^^^^^^ // suggests "u64 = (uint64_t)1 << (uint64_t)u32" // suppressed by "u64 = (uint32_t)(1 << u32)" But not on: u64 = u32; u64 = (u32)(...); u64 = f(...); This might be a kind of noisy warning like "-Wconversion" but I believe it will help some people (we can just disable it by default). Zhang Boyang
next prev parent reply other threads:[~2023-03-31 8:15 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <bug-24542-4@http.gcc.gnu.org/bugzilla/> 2023-03-31 7:16 ` pinskia at gcc dot gnu.org 2023-03-31 8:15 ` zhangboyang.id at gmail dot com [this message] 2023-03-31 9:18 ` [Bug c/24542] potential unwanted truncation of operation " rguenth at gcc dot gnu.org 2023-03-31 9:33 ` rsandifo at gcc dot gnu.org 2023-08-07 11:00 ` mail+gcc at nh2 dot me 2023-08-07 14:34 ` pinskia at gcc dot gnu.org 2005-10-26 14:54 [Bug c/24542] New: integer " alexey at hyperroll dot com 2005-10-26 15:59 ` [Bug c/24542] potential " pinskia at gcc dot gnu dot org 2005-10-26 16:00 ` pinskia at gcc dot gnu dot org 2005-10-26 17:12 ` alexey at hyperroll dot com 2005-11-01 22:29 ` pinskia at gcc dot gnu dot org 2006-03-13 21:49 ` alexey at hyperroll dot com 2006-03-13 21:52 ` pinskia at gcc dot gnu dot org 2006-09-18 0:18 ` pinskia at gcc dot gnu dot org 2006-09-18 5:48 ` alexey at hyperroll dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-24542-4-mS5rml8afJ@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).